Threat actors could exploit vulnerabilities in the Bluetooth Core and Mesh specifications to impersonate devices during pairing, paving the way to man-in-the-middle (MITM) attacks.
The vulnerabilities, disclosed by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) and disclosed on Monday, allow for “impersonation attacks and AuthValue disclosures” according to a Carnegie Mellon University CERT Coordination Center advisory.
The vulnerabilities are as follows:
CVE-2020-26558: A vulnerability in the Passkey Entry protocol, used during Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC) in Bluetooth Core (v.21 – 5.2). Crafted responses could be sent during pairing by an attacker to determine each bit of the randomly generated Passkey generated during pairing, leading to impersonation.
CVE-2020-26555: Another vulnerability in Bluetooth Core (v1.0B through 5.2), the BR/EDR PIN Pairing procedure can also be abused for the purposes of impersonation. Attackers could spoof Bluetooth device addresses of a target device, reflect encrypted nonces, and complete BR/EDR pin-code pairing without knowing the pin code. This attack requires a malicious device to be in wireless range.
CVE-2020-26560: Impacting Bluetooth Mesh (v.1.0, 1.0.1), this vulnerability could allow attackers to spoof devices being provisioned via crafted responses created to appear to possess an AuthValue.This may give them access to a valid NetKey and AppKey. An attacker’s device needs to be in the wireless range of a Mesh Provisioner.
CVE-2020-26557: Affecting Bluetooth Mesh (v.1.0, 1.0.1), the Mesh Provisioning protocol could allow attackers to perform a brute-force attack and secure a fixed value AuthValue, or one that is “selected predictably or with low entropy,” leading to MiTM attacks on future provisioning attempts.
CVE-2020-26556: If the AuthValue can be identified during provisioning, the Bluetooth Mesh authentication protocol (v.1.0, 1.0.1) is vulnerable and may be abused to secure a Netkey. However, the researchers note that attackers must identify the AuthValue before a session timeout.
CVE-2020-26559: The Mesh Provisioning procedure used by Bluetooth Mesh (v.1.0, 1.0.1) allows attackers, with provision — but without access to the AuthValue — to identify the AuthValue without the need for a brute-force attack.
“Even when a randomly generated AuthValue with a full 128-bits of entropy is used, an attacker acquiring the provisioner’s public key, provisioning confirmation value, and provisioning random value, and providing its public key for use in the provisioning procedure, will be able to compute the AuthValue directly,” the advisory reads.
The researchers also identified a potential vulnerability in Bluetooth Core relating to LE Legacy Pairing in versions 4.0 to 5.2 which could allow an attacker-controlled device to perform pairing without knowledge of temporary keys (TK).
The Android open source project, Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are cited as vendors with software vulnerable to the disclosed vulnerabilities, in some form or another.
The Android open source project said, “Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin.”
“Cisco has investigated the impact of the aforementioned Bluetooth Specification vulnerabilities and is currently waiting for all the individual product development teams to provide software fixes to address them.”
Microchip Technologies is also working on patches.
Red Hat, Cradlepoint, and Intel did not issue the team statements ahead of public disclosure.
Bluetooth Special Interest Group (SIG), which works on the development of global Bluetooth standards, has also published separate security advisories.
To mitigate the risk of exploit, updates from operating system manufacturers should be accepted once they are made available.
The research follows a separate Bluetooth-related security issue disclosed in September 2020 by Purdue University academics. Dubbed the Bluetooth Low Energy Spoofing Attack (BLESA), the vulnerability impacts devices running on the Bluetooth Low Energy (BLE) protocol, a system used when limited battery power is available.
ZDNet has reached out to Red Hat, Cradlepoint, and Intel and we will update when we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0